LightStep tracers use access tokens to identify the project the tracer is reporting for. LightStep Satellites need this token to accept and store span data from the tracer. Reports from clients with invalid or deactivated access tokens will be rejected on ingress.
Access tokens tell the LightStep tracer which LightStep project to report to. You may want to create more than one token when you want fine-grained control over the data your services send to LightStep. For example, you can have separate tokens for your clients and backend services. This way, if you have key rotation policies for public services (i.e. web or mobile clients), you can disable only that one and deploy a new token without affecting the other clients' reporting or having to roll out changes in multiple places.
You create access tokens for projects from the Project Settings page.
To create an access token:
- From the Navigation Bar, click Project Settings.
- In the Access Tokens table, click Create New.
A new row in the table is created with a token. By default, tokens are not given a name.
It may take up to 5 minutes for the token to propagate to all active Satellites.
- To name the token, click Rename, enter a name, and click Rename Token.
You can disable access tokens when needed. Disabled tokens can be reactivated.
To disable an access token, in the Access Tokens table, click Disable for the token.
You can view all disabled tokens using the switch at the top of the table.
Reactivate a disabled token by clicking Enable.
It may take up to 5 minutes for the disable/enable signal to propagate to all active Satellites.